HPE Adds Niara to Enhance Intelligent Edge Protection

By Keerti Melkote, Blog Contributor
Share Post

Niara logo.pngToday, I am excited to announce that HPE Aruba has acquired Niara, a leader in the developing User and Entity Behavior Analytics (UEBA) market space, to help our customers detect and protect themselves against advanced cyber-attacks that have penetrated their perimeter defenses.

Niara is a leader in this new category of products that employ machine learning and big-data analytics on enterprise packet streams and log streams to discover these advanced attacks.

The Niara solution automatically establishes baseline characteristics for all users and devices across the enterprise, globally. After a baseline is established, the software actively looks for anomalous, inconsistent activities that may indicate a security threat. Investigating individual security incidents that can take up to 25 hours each via traditional manual processes can now be performed in less than a minute, in four mouse clicks, due to the power of machine learning.

By integrating Niara's behavioral analytics technology with our ClearPass Policy Manager, we can now offer our customers the industry's most advanced threat detection and prevention solution for network security in wired and wireless environments, as well as Internet of Things (IoT) devices.

We look forward to bringing this new form of threat intelligence to our customers and technology partners via the ClearPass Exchange program.

Niara's Deep Roots with Aruba Enables a Tighter Security Integration

In addition to adding a new next-generation tool to our ClearPass security arsenal, today's acquisition is also exciting at a personal level, as we welcome back old friends who were part of the Aruba team in the early days and contributed greatly to our market success.

Niara co-founders Sriram Ramachandran (CEO) and Prasad Palkar (Vice President, Engineering), along with several other engineers, are returning to Aruba. This team developed the core technologies in the current ArubaOS operating system, including authentication, encryption, deep-packet inspection and more.

As a result, the Niara team is very familiar with our customers' networks and have designed their next-gen security solution to augment these capabilities in order to create a better-together combination.

We are thrilled to welcome the entire Niara team back to the HPE Aruba family.

How does Niara fit into HPE Aruba?

Anyone that has followed Aruba over the last 15 years knows that security has always been front and center of our differentiation. Early on, we focused deeply on security, as that was the number one concern cited by most enterprises when asked about their adoption of Wi-Fi technology in the enterprise.

That has not changed. Today, security is still our customer's number one concern, especially with the mass adoption of IoT devices that have, or will, connect to wired and wireless networks.

In 2002, as wireless technologies were in the early stages of adoption, authentication and encryption were the key requirements to secure the airwaves and standards. In response, we helped develop the Wi-Fi Protected Access 2 (WPA2) industry standard protocol. But we went further than others to protect our customers' networks.

The Aruba differentiation was in how we implemented the WPA2 wireless standard. We used IEEE 802.1X authentication, built into WPA2, to enable a user-centric, role-based access model, so enterprises could implement policies based on their organizational structure, as opposed to using abstract networking constructs like VLANs to represent policies.

We also centralized the gold-standard AES encryption in WPA2 to secure traffic, not only over the air, but also across the wire, to protect confidential information. Additionally, we embedded a full-stateful firewall for good measure, so customers could enforce application-level policies directly to user traffic.

This level of security integration was unheard of and revolutionary for Wi-Fi networks.

This initial innovation of role-based access has now evolved into a market known as Network Access Control (NAC). The idea is to apply access control policies based not only on a user's role, but also on other related contexts such as their device's health, and other contextual information, including time of day, physical location, etc.

As the market broadened for this capability, customers requested this capability to be available as software that they could apply to their existing network hardware, including hardware from our competitors. In response, we created our ClearPass product line for NAC.

ClearPass in now recognized in the industry as the most scalable, multi-vendor NAC platform. Its policy management, guest access, BYOD onboarding, advanced device health checking capabilities have won the confidence of many global enterprises.

After our customers deploy ClearPass to secure their internal network access, they pose the next logical questions: What happens after I allow a device to connect to my network? Can we provide visibility into what happens post-authentication, after a device is on the network?

Most networks today simply allow the traffic to flow freely between source and destination the moment they are on the network. Internal controls, such as Access Control Lists, are used to protect some types of traffic, while others flow freely.

More importantly, none of this traffic is analyzed to detect advanced attacks that have penetrated perimeter security systems and actively seek out weaknesses to exploit on the interior network.

It's no small wonder that today, the mean time to discover an attack is not measured in minutes or even days, but in weeks and months.

Innovating to Mitigate Next-Gen Security Threats

Reducing the time to discover attacks was the core of the problem that Niara set out to solve. The team had deep expertise in analyzing packet streams and applying network and security policies to these streams. They extended their expertise to apply advanced machine learning algorithms to packet streams inside the network – something that had never been attempted before due to the sheer volume of data generated by analyzing packet streams.

But the singular reason they pursued this difficult problem was the realization that packets always reveal the truth. By analyzing packet streams from a security perspective, you could get to the source of attacks that are already inside your network. They then added log stream analysis to create a complete end-to-end picture of a developing attack and deliver an advanced threat detection and analysis system built on modern scale-out architectural principles.

I got to appreciate the security challenges a company faces firsthand as a board member when Aruba was an independently traded public company on the NASDAQ stock exchange. As we considered our range of responses and measures that were needed to protect our enterprise, we soon understood that responding to post-breach attacks was a very reactive approach.

We needed a more proactive approach to hunting for threats that may have already entered the network and shutting them down with enforcement tools. We have the enforcement tool with ClearPass. We needed a threat hunting tool that would be more proactive in surfacing potential threats on the network.

As a result of this experience, Niara's value proposition resonated strongly with me, as it does with many of their customers, and I am eager to share this best-in-class technology with our HPE Aruba customers.